The Register® — Biting the hand that feeds IT

Feeds

UK teen is world's youngest certified ethical hacker (maybe)

Born to tinker

By Dan Goodin, 10th February 2008
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

For as long as he can remember, Shane Kelly has taken a keen interest in taking things apart. When he was 11 and his family took delivery of its first PC, he promptly pulled off the cover and disassembled it, much to the chagrin of his parents.

"They weren't too impressed at the time," Kelly, who is now 16, says. "But I put it back together. It worked."

A few months ago, the Solihull teenager successfully acquired an accreditation in Certified Ethical Hacking, making him possibly the youngest person to do so. While computers and networking have always captured his imagination, he says his interest in security prompted him to go for the hacking certification.

"That certainly stood out because it was the one qualification that focused not on the defensive side but it actually took you into the mind of the hacker," he says. "It was the mindset that gave me the motivation into taking the course."

Once upon a time, network security and penetration testing was a specialized field that was mainly inhabited by expensive outside consultants. Now that the net has become a core part of transacting business, more and more organizations are bringing these workers in-house.

"It's really come into its own as a legitimate area," says Terry Kurzynski, CEO of professional services firm Halock Security Labs, which also provides training for people seeking the credential. "We've been in security for 11 years and it really hasn't been until the last four or five years that ethical hacking has become a service."

It took Kelly about 10 months to complete the course work and pass the four-hour test required to get the accreditation. That included a five-day boot camp.

He recently landed a spot as a temporary worker at the Birmingham City University, where he expects to do IT-related work. He's considering acquiring additional accreditations for Cisco and Microsoft technologies.

But eventually, he says, he plans to do security work.

"Due to my age, it's probably not going to happen in the next five years," he says. "In the industry, you need to have a certain amount of experience. I hope to see myself doing security work of some some sort." ®

This story was updated to correct the name of the university where Kelly has landed a temp job.

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (46)
Latest Comments
Anonymous Coward

Certifications and experience

Neither one means anything if the person possessing it is dead from the neck up. I've run into totally incompetent holders of first class honours degrees in CS, completely ineffective holders of PhDs, guys with 20 years or more experience of C programming who couldn't write hello world without having to edit it 3 times to fix syntax errors before it would compile (and then it did the wrong thing when they ran it). But they are extremely useful filters - why bother to interview someone who has neither certification nor experience (unless you have word of mouth reccommendation of them from someone you trust)? In fact, unless you are recruiting for a very junior position, why interview someone who doesn't have both certification and experience?

Of course the average recruitment consultant and the average HR type can't even read a job spec and a CV and see if there's any sort of match, and will even ask for quite insane experience (like the people asking for 10 years Algol 68 programming experience in 1971, which presumably required the candidate to have access to a working time machine) so they will fail to make correct use of certification and experience requirements as a candidate filter, and then it isn't at all obvious to either the candidate or to the hiring manager or team leader, once the recruitment "professionals" have got involved, that either certification or experience means anything at all. It's different with a real professional recruitment type, but those are few and far between and hard to find.

Unlike these typical HR types, I know what I'm looking for and I have a pretty good idea how to recognise it. And I can tell you now that a guy who picks up the ethical hacker certification at 16 will probably, by the time he's 21, have what I'm looking for. His ethical hacker certificate, in itself, is indeed irrelevant in terms of its practical content - the stuff it covers is not the stuff that my team needs, and most of the practical side of it will be out of date anyway in 5 years time (the theoretical side will continue to be relevant pretty well for ever, but most comments above seem to regard theory as pointelss; a remarkable piece of stupidity, as theory is often widely applicable and learning a new programming language or operating system is child's play compared to acquiring a good grounding in the theoretical underpinnings of computing and IT). The attitude he has demonstrated by getting it at the age of 16 *is* part (a very large part) of what I need. I imagine that other serious professionals (including a minority of those who commented above) will feel the same way.

Of course what nearly everyone fails to see is that experience and certification doesn't have to be directly and tightly relevant. Far too many people will say something like "ethical hacking isn't relevant to programming a web service, so that qualification is no qualification for the job I want filled". Well, those guys can safely leave the CV filtering to the HR types, who won't screw up filtering on the CV content any more than they would themsleves.

0
0
Dan Goodin
(Written by Reg staff)

Story corrected

Hey Anonymous Coward,

Due to incorrect information supplied to The Register, we got the name of the university wrong in an earlier version of the story. The article has been updated. Thanks for pointing out the mistake.

0
0
Anonymous Coward

BAD JOURNALISM!

As a postgraduate at the University of Birmingham I would be interested to speak to Shane. However, as far as I can tell Shane is not employed by the University. This seems like bad journalism to me.

Maybe he works for

* Birmingham City University (formerly University of Central England); or maybe

* Aston University.

Would TheRegister like to offer a response?

Shane, if you are reading this then get in touch, google "Ben Smyth"

0
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
135
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
60
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
41
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15